Security News

Telegram Offers Premium Subscription in Exchange for Using Your Number to Send OTPs
2024-03-28 08:07

In June 2017, a study of more than 3,000 Massachusetts Institute of Technology (MIT) students published by the National Bureau for Economic Research (NBER) found that 98% of them were willing to...

These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb
2024-03-28 07:45

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Germany warns of 17K vulnerable Microsoft Exchange servers exposed online
2024-03-26 19:21

The German national cybersecurity authority warned on Tuesday that it found at least 17,000 Microsoft Exchange servers in Germany exposed online and vulnerable to one or more critical security vulnerabilities. According to the German Federal Office for Information Security, around 45,000 Microsoft Exchange servers in Germany have Outlook Web Access enabled and are accessible from the Internet.

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns
2024-03-26 13:26

Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions "Are so outdated that security updates are no longer offered for them," the German Federal Office for Information Security has warned today. The BSI worries about attackers breaching those servers by exploiting CVE-2024-21410, a critical elevation of privilege bug that allows attackers to learn a targeted user's NTLM credentials and "Relay" them to authenticate themselves to a vulnerable Exchange Server as the user.

U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions
2024-03-26 08:31

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia...

US sanctions crypto exchanges used by Russian darknet market, banks
2024-03-25 21:20

The U.S. Treasury Department's Office of Foreign Assets Control has sanctioned three cryptocurrency exchanges for working with OFAC-designated Russian dark web markets and banks. The first, Bitpapa IC FZC LLC, is a peer-to-peer virtual currency exchange that caters to Russian nationals and has facilitated millions of dollars in transactions with two OFAC-designated Russian entities, Hydra Market and Garantex.

Microsoft fixes Outlook clients not syncing over Exchange ActiveSync
2024-03-01 16:05

Microsoft has fixed an issue causing some Microsoft 365 users' Outlook desktop clients to stop connecting to email servers via Exchange ActiveSync. Exchange ActiveSync is a synchronization protocol used by Microsoft Exchange to allow users to access their email, calendar, contacts, and tasks.

Over 28,500 Exchange servers vulnerable to actively exploited bug
2024-02-19 18:46

Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting. Currently, 28,500 servers have been identified as being vulnerable.

Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation
2024-02-15 05:19

Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as...

Microsoft: New critical Exchange bug exploited as zero-day
2024-02-14 23:29

Microsoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday. "The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim's behalf."